Техническая информация
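- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'WebCheck' = '{E6FB5E20-DE35-11CF-9C87-00AA005127ED}' (объекты из ключа ShellServiceObjectDelayLoad загружаются оболочкой Explorer при входе пользователя в систему; указанный CLSID, по-видимому, совпадает со стандартным значением WebCheck в Windows, поэтому сама по себе эта запись не является надёжным индикатором — при проверке следует смотреть, какая библиотека зарегистрирована для этого CLSID в InprocServer32)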
- <SYSTEM32>\taskkill.exe /im egui.exe /f
- <SYSTEM32>\sc.exe stop policyagent
- <SYSTEM32>\sc.exe delete ekrn
- <SYSTEM32>\taskkill.exe /im ekrn.exe /f
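- ekrn.exe (основной служебный процесс антивируса ESET; egui.exe — его графический интерфейс. Перечисленные выше команды taskkill и sc направлены на завершение процессов и удаление службы ESET, а команда sc stop policyagent останавливает службу IPsec Policy Agent в Windows; запуск таких команд стоит отслеживать в журналах создания процессов)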
- <SYSTEM32>\245250.DEP
- %CommonProgramFiles%\rkdltecq\qioihz.pif
- 'da.####aihuabian.com':53
- 'localhost':1035
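- DNS ASK da.####aihuabian.com (DNS-запрос на разрешение имени; часть имени домена в источнике, по-видимому, скрыта символами ####, поэтому полное имя по этой странице восстановить нельзя)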
- ClassName: '' WindowName: ''